Privacy Policy – XGATE

1. Scope

This Policy explains how XGATE collects, uses, shares, stores, and protects personal data when you use the website, create an account, place orders, or contact support.

2. Data We Collect

• Identity and contact data: name, mobile number, email address, and account details.
• Transaction data: order details, payment status, delivery records, refunds, and dispute history.
• Technical data: IP address, device type, browser, operating system, session identifiers, and cookies.
• Verification data: information or documents requested when needed for fraud prevention, payment compliance, or legal obligations.

3. Purposes of Processing

• To create accounts, manage orders, process purchases, deliver products, and provide support.
• To detect fraud, manage risk, verify payments, and protect the platform.
• To improve user experience, analyse performance, and manage notifications and services.
• To comply with legal, accounting, tax, and regulatory obligations.

4. Legal Basis

Processing may rely, depending on context, on contractual necessity, compliance with legal obligations, legitimate interests in fraud prevention, platform protection and service improvement, and consent where required by law or by the type of communication involved.

5. Sharing of Data

XGATE may share data to the extent necessary with payment providers, hosting and technical vendors, analytics tools, digital product issuers, and competent authorities where there is a legal obligation or legitimate request. Personal data is not sold as a standalone commercial product.

6. Cookies and Similar Technologies

The website uses cookies and similar technologies to operate sessions, remember preferences, measure performance, and improve security. Users may manage cookies through browser settings, noting that disabling some of them may affect website functionality.

7. Retention

XGATE retains personal data for as long as necessary to provide the service, manage the account, resolve disputes, meet legal/accounting obligations, or prevent fraud. Once the purpose expires, data is deleted or anonymized as permitted by applicable law.

8. User Rights

• Request access to personal data held about you.
• Request correction or updating of inaccurate data.
• Request deletion of your account or data where legally and contractually permissible.
• Object to marketing messages or withdraw consent to the extent permitted by law.

9. Security

XGATE implements reasonable organizational and technical measures to protect data against unauthorized access, loss, misuse, or alteration, while acknowledging that no electronic method is 100% secure.

10. Minors, Transfers, and Contact

The service is not intended for underage users without lawful supervision. If data has been collected contrary to applicable requirements, appropriate action will be taken. If operationally necessary, technical data transfers outside the Kingdom or outside the user’s country may occur under suitable contractual and regulatory safeguards. Privacy contact: [privacy email] / [support channel].